Technical Information Security Content & Discussion

8 readers
1 users here now

/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to...

founded 1 year ago
MODERATORS
[email protected]
listing: all - local
1
1
Breaking out of VRChat using a Unity bug (khang06.github.io)
submitted 7 hours ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/khangaroooooooo on 2024-11-24 17:37:51.
2
1
Handling Cookies is a Minefield (grayduck.mn)
submitted 1 day ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/smaury on 2024-11-24 00:37:09.
3
1
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access (www.volexity.com)
submitted 2 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/cryptogram on 2024-11-22 21:55:52.
4
1
Navigating the Leap: My Journey from Software Engineering to Offensive Security (www.offsec.com)
submitted 2 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/andy-codes on 2024-11-22 20:59:10.

I've recently transitioned to infosec, a journey I documented through blog posts over time. Now, I've had the opportunity to collaborate with OffSec to write a summary of this transition, which is finally up on their website. In the article, I share my experience moving from software engineering to offensive security, discussing the challenges, the effort required for upskilling and certifications like OSCP, and the importance of community engagement. Despite obstacles, I successfully landed an offensive security role, and the experience has been incredibly rewarding.

5
1
Prototype Pollution in NASAs Open MCT CVE-2023-45282 (visionspace.com)
submitted 2 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/andy-codes on 2024-11-22 20:37:06.

In the article, I discuss a prototype pollution vulnerability (CVE-2023-45282) found in NASA's Open MCT. This flaw in JavaScript allows attackers to alter object prototypes, potentially leading to serious outcomes like privilege escalation or remote code execution (RCE). I explain how the vulnerability occurs in the "Import from JSON" feature, which can crash the application or lead to more dangerous exploits. Fortunately, NASA responded quickly to fix the issue, but it highlights the importance of securing deep merge operations in JavaScript.

This security research was originally published at VisionSpace Blog (https://visionspace.com/prototype-pollution-in-nasas-open-mct-cve-2023-45282/).

6
1
Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x (www.assetnote.io)
submitted 2 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/Mempodipper on 2024-11-22 04:36:30.
7
1
Stop Using Predictable Bucket Names: A Failed Attempt at Hacking Satellites (www.securityrunners.io)
submitted 3 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/crustysecurity on 2024-11-21 18:01:43.
8
1
Azure Detection Engineering: Log idiosyncrasies you should know about (tracebit.com)
submitted 3 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/tracebit on 2024-11-21 17:22:38.
9
1
Sync or Sink: Navigating the Choppy Waters of the Flipper Zero, and consumer friendly hacking… (adam-toscher.medium.com)
submitted 3 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/pentest4life on 2024-11-21 12:19:05.
10
1
Spelunking in Comments and Documentation for Security Footguns - Include Security Research Blog (blog.includesecurity.com)
submitted 4 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/907jessejones on 2024-11-20 19:04:51.
11
1
Azure CloudQuarry: Searching for secrets in Public VM Images (securitycafe.ro)
submitted 4 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/phoenixzeu on 2024-11-20 14:11:24.

A research attempting to find forgotten secrets by scanning inside 15K public Azure Images that can be used to deploy Virtual Machines.

12
1
Security Researchers found 2k high risk vulnerabilities in exposed Fortune 1000 APIs (escape.tech)
submitted 4 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/AlarmingApartment236 on 2024-11-20 13:38:40.
13
1
Wormable XSS www.bing.com (medium.com)
submitted 4 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/Significant_Fix_1741 on 2024-11-20 13:29:22.
14
1
[PoC] Critical Authentication Vulnerability in SAP BusinessObjects Business Intelligence Platform (community.sap.com)
submitted 4 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/vah_13 on 2024-11-20 09:29:29.
15
1
Remediation for CVE-2024-20767 and CVE-2024-21216 Potential Exploitable Bugs (blog.securelayer7.net)
submitted 5 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/SL7reach on 2024-11-19 23:39:01.
16
1
Extracting Plaintext Credentials from Palo Alto Global Protect (shells.systems)
submitted 5 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/AlmondOffSec on 2024-11-19 16:25:26.
17
1
Extending Burp Suite for fun and profit - The Montoya way - Part 7 (Using the Collaborator) (security.humanativaspa.it)
submitted 5 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/0xdea on 2024-11-19 09:56:46.
18
1
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 - watchTowr Labs (labs.watchtowr.com)
submitted 5 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/dx7r__ on 2024-11-19 09:37:21.
19
1
OpenBMC Remote OS Deployment: A Simplified Approach (hardenedvault.net)
submitted 6 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/hardenedvault on 2024-11-19 05:13:14.
20
1
Research Case Study: Supply Chain Security at Scale – Insights into NPM Account Takeovers (laburity.com)
submitted 6 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/Ancient_Title_1860 on 2024-11-18 18:52:40.
21
1
Salamander/MIME – Just because it's encrypted doesn't mean it's secure | Lutra Security (lutrasecurity.com)
submitted 6 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/lutrasecurity on 2024-11-18 12:06:56.
22
1
Reverse Engineering iOS 18 Inactivity Reboot (naehrdine.blogspot.com)
submitted 6 days ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/albinowax on 2024-11-18 09:25:35.
23
1
Exploring the DOMPurify library: Bypasses and Fixes (mizu.re)
submitted 1 week ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/albinowax on 2024-11-17 16:06:45.
24
1
🌪️Heads up trainers: TyphoonCon 2025 Call for Training is now open! (typhooncon.com)
submitted 1 week ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/Straight-Zombie-646 on 2024-11-17 10:50:05.
25
1
Unpatched Remote Code Execution in Gogs (fysac.github.io)
submitted 1 week ago by [email protected] to c/[email protected]
0 comments fedilink
 
 
The original post: /r/netsec by /u/fysac2 on 2024-11-15 20:45:16.
view more: next ›